Category Office 365

A customer asked me if it was possible to have a room mailbox automatically accept meeting requests from external parties. They would also like to publish the calendar of that specific room publicly.

Accept meetings from external parties

Let’s start with the first question. By default, resource mailboxes only accept requests from internal senders. As you might guess, you can’t change this behavior through the GUI, Powershell to the rescue!

Since I didn’t know the cmdlet that would let me change this behavior, the first thing I did was look for all “Calendar cmdlets”. After connecting to the Office 365 PowerShell, I ran this command

PowerShell

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

get-command*calendar*

CommandType Name Version Source

----------------------------

FunctionGet-CalendarDiagnosticAnalysis1.0tmp_xse1ew1u.eif

FunctionGet-CalendarDiagnosticLog1.0tmp_xse1ew1u.eif

FunctionGet-CalendarDiagnosticObjects1.0tmp_xse1ew1u.eif

FunctionGet-CalendarNotification1.0tmp_xse1ew1u.eif

FunctionGet-CalendarProcessing1.0tmp_xse1ew1u.eif

FunctionGet-MailboxCalendarConfiguration1.0tmp_xse1ew1u.eif

FunctionGet-MailboxCalendarFolder1.0tmp_xse1ew1u.eif

FunctionSet-CalendarNotification1.0tmp_xse1ew1u.eif

FunctionSet-CalendarProcessing1.0tmp_xse1ew1u.eif

FunctionSet-MailboxCalendarConfiguration1.0tmp_xse1ew1u.eif

FunctionSet-MailboxCalendarFolder1.0tmp_xse1ew1u.eif

Seems like there are a few cmdlets concerning calendars, good info for the second question! The Get-CalendarProcessing cmdlet looks promising, let’s try it out!

PowerShell

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

get-mailbox"test room"|Get-CalendarProcessing|fl

RunspaceId:9f1b6e5d-09a6-40d9-9b83-8006a50d4284

AutomateProcessing:AutoUpdate

AllowConflicts:False

BookingWindowInDays:180

MaximumDurationInMinutes:1440

AllowRecurringMeetings:True

EnforceSchedulingHorizon:True

ScheduleOnlyDuringWorkHours:False

ConflictPercentageAllowed:0

MaximumConflictInstances:0

ForwardRequestsToDelegates:True

DeleteAttachments:True

DeleteComments:True

RemovePrivateProperty:True

DeleteSubject:True

AddOrganizerToSubject:True

DeleteNonCalendarItems:True

TentativePendingApproval:True

EnableResponseDetails:True

OrganizerInfo:True

ResourceDelegates:{}

RequestOutOfPolicy:{}

AllRequestOutOfPolicy:False

BookInPolicy:{}

AllBookInPolicy:True

RequestInPolicy:{}

AllRequestInPolicy:False

AddAdditionalResponse:False

AdditionalResponse:

RemoveOldMeetingMessages:True

AddNewRequestsTentatively:True

ProcessExternalMeetingMessages:False

RemoveForwardedMeetingNotifications:False

MailboxOwnerId:test room

Identity:test room

IsValid:True

ObjectState:Changed

As you can see on the highlighted line, this is exactly the property we were looking for. Let’s change it so we get the desired behavior. In the get-command output, I saw a cmdlet Set-CalendarProcessing, this seems like the right one.

This change will only affect new meeting requests, requests that have already been refused won’t be automatically accepted.

Publish calendar publicly

In the cmdlets we got earlier, there wasn’t really one that stood out as a “possible match” so let’s look at the attributes of the calendar itself. In essence, the calendar is just a folder inside of a mailbox object. Let’s query that folder directly.

PowerShell

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

Get-MailboxCalendarFoldertestroom@domain.com:\calendar|fl

RunspaceId:

Identity:test room:\calendar

PublishEnabled:False

PublishDateRangeFrom:ThreeMonths

PublishDateRangeTo:ThreeMonths

DetailLevel:AvailabilityOnly

SearchableUrlEnabled:False

PublishedCalendarUrl:

PublishedICalUrl:

CalendarSharingOwnerSmtpAddress:

CalendarSharingPermissionLevel:Null

SharingLevelOfDetails:None

SharingPermissionFlags:None

SharingOwnerRemoteFolderId:AAA=

IsValid:True

ObjectState:Changed

That’s everything we need and more! As you can see, we can set the PublishEnabled attribute to true but we can do so much more. You can choose the detail level and even set how far back and forth the published calendar needs to go.

Let’s publish the calendar and run the Get-MailboxCalendarFolder cmdlet again to get the URL.

When running Office 365 in a hybrid deployment, it is possible to have a mailbox both on premises as on Office 365. This can happen when you assign the user an Exchange Online license before the mailbox has been migrated to Office 365.

If the user’s outlook is still configured to use the on-premises mailbox, this can create some funky issues. For example, sent items will be in the on-premises mailbox but new items will arrive in Office 365.

Verifying the mailbox on Office 365

The first thing you have to do is verify if the user has a mailbox on 365, Powershell lets us do this. This command returns all

PowerShell

1

2

3

Connect-MsolService

Get-MsolUser|where-object{$_.userprincipalname-like"*user*"}

Unsyncing user from Office 365

Once you’ve identified the user, that has a mailbox in Office 365, you have to remove the object from Office 365. You can do this by moving the user to an OU that is not synced with AADConnect. After that, run another AD Sync or wait until the next time the scheduled task runs. This sync will remove the user from Azure AD and flag the mailbox as “SoftDeleted”. That puts the mailbox in the recycle bin, there it will stay for 30 days before it will be automatically deleted.

Removing the mailbox from the recycle bin

In order to delete the user from the cloud recycle bin, you can use the following Powershell commands

PowerShell

1

2

3

Get-MsolUser-ReturnDeletedUsers-|FLUserPrincipalName,ObjectID

Remove-MsolUser-ObjectId<GUID>-RemoveFromRecycleBin-Force

Because of the distributed nature of Office 365, it can take up to 15 minutes for the changes to replicate. Now we can hard delete the mailbox

PowerShell

1

Remove-Mailbox-Identityuser@domain.com-PermanentlyDelete

Finishing up

As a final step, move the user back to an OU that is synced. The next time the scheduled task runs, the user will be recreated in Azure AD and will appear in the Office 365 admin center.

A couple of weeks ago we had an issue which resulted in some users getting deleted from Office 365. Because of a sync tool we use, we had to recreate the user accounts instead of restoring them. As a result of this (different SID), the new users also got a new Onedrive for Business library and could no longer access their existing library.

Listing all disabled user profiles

In the Office 365 admin center, go to the SharePoint admin center and click User profiles and Manage User Profiles.

While using various searches, I noticed that every user had i:0#.f|membership in front of their UPN. So I decided to use that as the search term, turns out this lists all users. After changing the view to Profiles missing from import, I got a list of all the disabled users.

Changing Onedrive for Business library permissions

Now that we can see the profiles, we can change the permissions. Click the three dots behind the profile and select Manage Site collection owners.

There you can set the new user as a Site collection administrator. Once you click OK, the users can access the old library using the web version of Onedrive for Business.

There is one caveat to all this, the old profiles will be deleted after 30 days, as part of the Office 365 automated cleanup.